RSA 1024 ridiculous
Robert J. Hansen
rjh at sixdemonbag.org
Sat Jun 16 19:47:25 CEST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1

I'll get back to this bit in a moment. ;)

> I suppose this means that 1024 bit RSA-keys are ridiculous and the
> Open PGP Card is a joke.

Not necessarily. There's certainly a strong argument to be made for
moving to RSA-2048, but just because something is susceptible to an
attack involving an enormous amount of horsepower doesn't mean that
it's useless. As an example, you apparently have no objection to
signing with SHA1, despite the fact it's subject to an attack
requiring a work factor of about 2**63... which is in the same
ballpark as factoring RSA-1024.

If it takes over a CPU-century of number crunching and
extraordinarily special mathematical properties to be able to break
RSA-1024, then I think the RSA-1024 keys I use for secure SMTP are
just fine. Likewise, credit card transactions secured by RSA-1024
SSL certs are probably just fine for now; there are far, _far_ easier
ways to get credit card numbers than to rent a year of supercomputing
time just to get the key to _one_ web site.

We should be migrating to RSA-2048, sure. Just like we should be
migrating to SHA256. But it's not the case that RSA-1024 is
'ridiculous' or the OpenPGP card is 'a joke'.

- --
Robert J. Hansen <rjh at sixdemonbag.org>
"Most people are never thought about after they're gone. 'I wonder
where Rob got the plutonium?' is better than most get." -- Phil Munson
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list